Ipsec ID Mismatch - Форум Kerio-rus

Mugg · 17.10.2018, 20:34

Пытаюсь настроить IPSec тоннель между Kerio Control и роутером Teltonika RUT955.
В Error Log Kerio появляется следующая запись:

Цитата Received Remote id '111' doesn't match Remote id from configuration('111')

Как так-то?
Однако, если на стороне Kerio в "Remote ID" прописать "%any", то тоннель устанавливается. Но это не решение, т.к. нужны будут ipsec тоннели c другими роутерами, а Kerio не даст поставить такое же значение Remote ID во втором тоннеле.

Debug Log:

Цитата [17/Oct/2018 21:17:15] {IPsec} TunnelsList|thread: Tunnel 't1' should be up.
[17/Oct/2018 21:17:15] {charon} charon: 12[CFG] received stroke: initiate 'tunnel_20_1_1_1'
[17/Oct/2018 21:17:15] {charon} charon: 08[IKE] initiating Main Mode IKE_SA tunnel_20_1_1_1[540798] to <Remote IP>
[17/Oct/2018 21:17:15] {charon} charon: 08[CFG] configured proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536
[17/Oct/2018 21:17:15] {charon} charon: 08[ENC] generating ID_PROT request 0 [ SA V V V V V ]
[17/Oct/2018 21:17:15] {charon} charon: 08[NET] sending packet: from <Local IP>[500] to <Remote IP>[500] (176 bytes)
[17/Oct/2018 21:17:15] {charon} charon: 07[NET] received packet: from <Remote IP>[500] to <Local IP>[500] (132 bytes)
[17/Oct/2018 21:17:15] {charon} charon: 07[ENC] parsed ID_PROT response 0 [ SA V V V ]
[17/Oct/2018 21:17:15] {charon} charon: 07[IKE] received XAuth vendor ID
[17/Oct/2018 21:17:15] {charon} charon: 07[IKE] received DPD vendor ID
[17/Oct/2018 21:17:15] {charon} charon: 07[IKE] received NAT-T (RFC 3947) vendor ID
[17/Oct/2018 21:17:15] {charon} charon: 07[CFG] selecting proposal:
[17/Oct/2018 21:17:15] {charon} charon: 07[CFG] proposal matches
[17/Oct/2018 21:17:15] {charon} charon: 07[CFG] received proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536
[17/Oct/2018 21:17:15] {charon} charon: 07[CFG] configured proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536
[17/Oct/2018 21:17:15] {charon} charon: 07[CFG] selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536
[17/Oct/2018 21:17:15] {charon} charon: 07[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
[17/Oct/2018 21:17:15] {charon} charon: 07[NET] sending packet: from <Local IP>[500] to <Remote IP>[500] (308 bytes)
[17/Oct/2018 21:17:16] {charon} charon: 05[NET] received packet: from <Remote IP>[500] to <Local IP>[500] (308 bytes)
[17/Oct/2018 21:17:16] {charon} charon: 05[ENC] parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
[17/Oct/2018 21:17:16] {charon} charon: 05[ENC] generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
[17/Oct/2018 21:17:16] {charon} charon: 05[NET] sending packet: from <Local IP>[500] to <Remote IP>[500] (92 bytes)
[17/Oct/2018 21:17:16] {charon} charon: 13[NET] received packet: from <Remote IP>[500] to <Local IP>[500] (68 bytes)
[17/Oct/2018 21:17:16] {charon} charon: 13[ENC] parsed ID_PROT response 0 [ ID HASH ]
[17/Oct/2018 21:17:16] {charon} charon: 13[IKE] IDir '111' does not match to '111'
[17/Oct/2018 21:17:16] {charon} charon: 13[IKE] deleting IKE_SA tunnel_20_1_1_1[540798] between <Local IP>[k3]...<Remote IP>[%any]
[17/Oct/2018 21:17:16] {charon} charon: 13[IKE] sending DELETE for IKE_SA tunnel_20_1_1_1[540798]
[17/Oct/2018 21:17:16] {charon} charon: 13[ENC] generating INFORMATIONAL_V1 request 2381960836 [ HASH D ]
[17/Oct/2018 21:17:16] {charon} charon: 13[NET] sending packet: from <Local IP>[500] to <Remote IP>[500] (84 bytes)
[17/Oct/2018 21:17:16] {IPsec} TunnelsList|thread: 'ipsec up tunnel_20_1_1_1' returned 0
[17/Oct/2018 21:17:16] {IPsec} TunnelsList|thread: Tunnel 't1' will be checked in 10s.
[17/Oct/2018 21:17:16] {IPsec} TunnelsList|thread: Going to sleep for 10s.

naliman · 17.10.2018, 21:54

перемещено в Kerio VPN

Mugg · 17.10.2018, 22:04

ну, вобщем, решил потыкав настройки Teltonika.
Если кому этот девайс попадется, нужно указать:
My identifier type: FQDN
My identifier: значение Remote ID, указанное в kerio

naliman · 17.10.2018, 22:07

молоток

Опции темы
Версия для печати Отправить по электронной почте